On 2017-11-21 10:49, Jeremy Jongepier wrote: > Hello David, > >> I'm currently taking over a bunch of packages for Arch Linux (mainly >> pro-audio stuff). >> Would it be possible to implement letsencrypt for linuxaudio.org and all >> of its subdomains? > It's possible for linuxaudio.org but not for all the subdomains. the > linuxaudio.org server is a shared server that hosts projects of a > variety of organizations and people. r...@linuxaudio.org can't enforce > the usage of SSL for all users, it's a decision the users have to take.
i'm not sure whether i read this correctly, but you make it sound like there's technical problems hindering the implementation of https://, although i think these are merely social (e.g. you don't want to shove https:// down the throat of just anybody). it's also slightly unclear what you mean by "users" (intuitively i would have said that "users" refers to the people who want to access the website with their browsers; however, as r...@linuxaudio.org you might think of the 'variety of organizations and people' who host projects on linuxaudio.org as your "users"). also, there's a slight difference between "enforcing the usage of SSL" (shoving it down the throats of everybody) and "enabling" it. https:// is a great means against mitm attacks; as ralf has pointed out, it's less useful as a tool to ensure privacy (use tor for that) or integrity (use gpg signatures for that). however, it does help raising the standards for both. there is practically no reason to *not* use https:// everywhere (well there's one: CPU power on the server side). if CPU power is not a problem, i would suggest to: - enable https:// for *all* VHOSTS that are directly running on the linuxaudio.org infrastructure - allow all organizations and people that "run" one of these VHOSTS to permanently redirect to https:// (if the choose so). of course people who run their own VHOSTS (if any) need to implement https:// themselves. and of course, i'm not associated with anything linuxaudio.org, so i don't know the exact contract under which you give away VHOSTS. asdr IOhannes
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org https://lists.linuxaudio.org/listinfo/linux-audio-dev
